890 matches found
PT-2025-48561
Name of the Vulnerable Software and Affected Versions: Grav versions prior to 1.8.0-beta.27. Description: Grav CMS contains a path traversal flaw. Authenticated attackers with administrative privileges can read arbitrary files on the server filesystem. This is due to inadequate input sanitization...
CVE-2025-66370
Kivitendo before 3.9.2 allows XXE injection. By uploading an electronic invoice in the ZUGFeRD format, it is possible to read and exfiltrate files from the server's filesystem...
Exploit for Path Traversal in Grafana
CVE-2021-43798 CVE-2021-43798 is a high-severity path traversa...
PT-2025-48006
The AI Engine for WordPress: ChatGPT, GPT Content Generator plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.0.1. This is due to insufficient validation of user-supplied file paths in the 'lqdai update post' AJAX endpoint and the use of file get...
Logic flaw vulnerability in the multimedia integrated business display system of Beijing Shenzhou Vision Han Technology Co., Ltd. (CNVD-C-2025-852060)
Ltd. is a deep-rooted enterprise in the field of visualization. A logic flaw vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to delete server files...
CVE-2025-10713
An XML External Entity (XXE) vulnerability exists in multiple WSO2 products due to improper configuration of the XML parser. The application parses user-supplied XML without applying sufficient restrictions, allowing resolution of external entities. A successful attack could enable a remote,...
Path Traversal
invokeai is vulnerable to Path Traversal. The vulnerability is due to insufficient validation of filename/path parameters: the GET /api/v1/images/download/bulkdownloaditemname endpoint accepts user-controlled paths without canonicalization or sanitization. An attacker can craft request...
EUVD-2025-37309
The Zombify plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.7.5. This is due to insufficient input validation in the zfgetfilebyurl function. This makes it possible for authenticated attackers, with subscriber-level access and above, to read arbitrary...
EUVD-2025-37192
A path traversal vulnerability was identified in SourceCodester Pet Grooming Management System 1.0, affecting the admin/managewebsite.php component. An authenticated user with administrative privileges can leverage this flaw by submitting a specially crafted POST request, enabling the deletion of...
100,000 WordPress Sites Affected by Arbitrary File Read Vulnerability in Anti-Malware Security and Brute-Force Firewall WordPress Plugin
On October 3rd, 2025, we received a submission for an Arbitrary File Read vulnerability in Anti-Malware Security and Brute-Force Firewall, a WordPress plugin with more than 100,000 active installations. This vulnerability makes it possible for an authenticated attacker, with subscriber-level...
CVE-2025-8050
External Control of File Name or Path vulnerability in opentext Flipper allows Path Traversal. The vulnerability could allow a user to access files hosted on the server. This issue affects Flipper: 3.1.2...
CVE-2025-8050 External Control of File vulnerability has been discovered in opentext Flipper.
External Control of File Name or Path vulnerability in opentext Flipper allows Path Traversal. The vulnerability could allow a user to access files hosted on the server. This issue affects Flipper: 3.1.2...
CVE-2025-8050
The CVE-2025-8050 entry concerns OpenText Flipper 3.1.2, described as External Control of File Name or Path leading to a Path Traversal vulnerability. The available documents identify that an attacker could leverage this flaw to access files stored on the server. The material does not provide spe...
CVE-2025-10916
CVE-2025-10916 affects the FormGent WordPress plugin prior to 1.0.4. The vulnerability arises from insufficient file path validation, allowing unauthenticated attackers to delete arbitrary server files. Public references from multiple feeds (Pre-published and after) corroborate the impact as unau...
EUVD-2025-35109
Path Traversal vulnerability in opentext Flipper allows Absolute Path Traversal. The vulnerability could allow a user to access files hosted on the server. This issue affects Flipper: 3.1.2...
CVE-2025-8051 Path traversal validation vulnerability has been discovered in opentext Flipper.
Path Traversal vulnerability in opentext Flipper allows Absolute Path Traversal. The vulnerability could allow a user to access files hosted on the server. This issue affects Flipper: 3.1.2...